SpiderLabs Blog


Trustwave SpiderLabs published an advisory today in conjunction with VMware for a systemic reflected cross-site scripting vulnerability in the Web Application Console for the vCenter Server Appliance (vCSA). vCSA is used to manage the vSphere virtual environment and is a Linux alternative to vCenter server deployments.

The vulnerability, discovered by Tanya Secker, is primarily due to the error handler echoing back user-supplied data without sanitizing it. This reflected cross-site scripting vulnerability allows an attacker to inject malicious scripts, via a URL or otherwise, that are ultimately executed in the victim's web browser.
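
The class of bug described above, shown as an added example that is not code from the advisory or from vCSA: a hypothetical error handler that echoes the requested path, beside a version that encodes the value for the HTML context and sets defensive response headers. The handler names, page template and sample path are assumptions constructed for illustration.

```python
import html
from urllib.parse import unquote

# Constructed request path carrying markup (sample input, not from the advisory).
SAMPLE_PATH = "/console/%3Cscript%3Ealert(1)%3C/script%3E"

# Hypothetical error page template; {detail} is where the handler reflects input.
PAGE = "<html><body><h1>Error</h1><p>Resource not found: {detail}</p></body></html>"


def error_page_vulnerable(raw_path):
    """Hypothetical error handler that echoes the decoded path verbatim."""
    detail = unquote(raw_path)
    return 404, {"Content-Type": "text/html"}, PAGE.format(detail=detail)


def error_page_hardened(raw_path):
    """Same handler, encoding the reflected value for the HTML context."""
    # quote=True also encodes " and ', which matters if the value is ever
    # moved into an attribute rather than element content.
    detail = html.escape(unquote(raw_path), quote=True)
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        # Defence in depth: inline script is refused even if an encoding
        # step is missed elsewhere in the application.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    }
    return 404, headers, PAGE.format(detail=detail)


def reflects_markup(body, raw_path):
    """True if input containing HTML metacharacters appears unencoded in body."""
    decoded = unquote(raw_path)
    return any(c in decoded for c in "<>\"'") and decoded in body


if __name__ == "__main__":
    for handler in (error_page_vulnerable, error_page_hardened):
        status, headers, body = handler(SAMPLE_PATH)
        print(handler.__name__, status,
              "reflects markup:", reflects_markup(body, SAMPLE_PATH))
```

The `reflects_markup` check can be reused in a regression test that requests each error path with a marker string and fails the build if the marker comes back unencoded.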